This topic can probably be applied to any Safety Module in general, so I'll keep my descriptions generic. In my case, I have a muting module by Banner.
My question is related to when the safety module has an error/fault that can only be reset by cycling power to the safety module.
It is a rare event for this to happen, but it does occasionally happen. The module's fault state will open up the contacts and stop the machine, regardless of the status of the monitored safety device. The PLC will assume the monitored device is the problem (ex: light curtain is blocked, guard is open, etc) when it's really the safety module that is the problem.
Not sure if this is a standard rule when it comes to safety modules, but on my machines, the module is powered directly from the 24V power supply. Therefore, when faults like this happen, users are basically finding it easier to cycle power to the entire machine (just to essentially reset the faulted muting module), rather than get help.
For my machine, cycling power can mess up communications, so I would like to prevent users from developing the habit of cycling power to the machine whenever the program is misbehaving.
So I am tempted by the idea of rewiring and reprogramming the machine so that the safety module's power can be cycled by the program. This will of course be done only under special circumstances and with safety in mind. (The purpose of the idea is basically to give the user the ability to resolve these rare events, without having to resort to killing power to the entire machine. It will basically be part of the 'machine reset' sequence that the users are already familiar with.)
My question is whether or not this idea is against any rules when it comes to safety. Am I pushing the convenience factor too far with this idea?
I'm pretty confident that the idea will work, and not decrease safety. I'm just concerned about rules when it comes to how a safety module is powered.
Again, in my case the machines all came with them directly powered off the power supply. I was thinking of running power through a Normally Closed relay. The special reset procedure will briefly energize the relay, rebooting the Safety Module. Otherwise, the relay stays de-energized and hence the safety module stays powered the vast majority of the time.